Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Coppermine Gallery < 1.1 beta 3 SQL Injection (deprecated)

High

Synopsis

The remote web server contains a script which is vulnerable to a SQL injection attack.

Description

The remote host is running CopperMine Gallery, a set of PHP scripts to handle galleries of pictures. There is a flaw in the version of Coppermine Gallery which is used by the remote host, which may allow an attacker to do a SQL injection attack, which would allow the viewing of arbitrary pictures or even to gain administrative access on this database.

Solution

Upgrade to Coppermine Gallery 1.1 beta 3 or higher.